mary-ext
commented
6 months ago this is iffy, the only way for this to work is for the lexicon to describe which acting server should/shouldn't have authorization.
AppView doesn't require authentication because there's no reason to, but the PDS does. at the same time, all of this is completely arbitrary.
itaru2622
Is your feature request related to a problem? Please describe.
as discussed in https://github.com/bluesky-social/atproto/discussions/1996,
with current lexicons definition, it cannot be distinguished if each API requires authorization header or not before sending request.
as the result, developers need to check whether authorization required or not by themselves through debugging one by one API. it raises development cost and also causes trouble on development.
for example,
Describe the solution you'd like
add new attribute and indicate auth required in each lexicon API definition in machine readable manner, if auth needed.
this indication reduces development cost. moreover, it also enables 3rd party software like lex-cli to automatically generate the code having authorization consideration from lexicon definition.
Describe alternatives you've considered
add comment to tell auth required in description of current lexicon definitions, for human readable.
Additional context
as @bnewbold mentioned in the above discussion, if there are multiple levels in authorization (such as ordinal user/app, admin), it is better to indicate which authorization level required in lexicon.